HITRUST establishes working group


The Health Information Trust Alliance (HITRUST) has established a working group, with the mission of improving the overall security of and trust in Health Information Technology (HIT).

Industry leaders have convened the working group to address growing concerns over health information systems and medical device security by establishing a Health Information Technology (HIT) framework for vulnerability avoidance, reporting, and mitigation.

Titled the Health Information Technology (HIT) and medical device integrity and security program, the working group will be comprised of health information technology vendors, medical device manufacturers, and health information systems users.

“The benefits in terms of effectiveness and efficiencies to industry from this group will be both short and long term, from better requirements and guidance to timely and consistent vulnerability reporting and disclosure, to name a few,” said Daniel Nutkis, chief executive officer of HITRUST. “We will take into account risks and threats to industry in prioritizing the deliverables.”

David Muntz, senior vice president and chief information officer, GetWellNetwork and former principal deputy national coordinator and chief of staff, Office of the National Coordinator (ONC), said: “Given the pace and complexities associated with protecting these systems, the private sector, not the government, should step up to manage this process.

“It needs to be practical and pragmatic, done quickly and with the flexibility required to match the rapidly evolving market. There is too much riding on the effectiveness and acceptance of these systems and we must ensure we maintain consumers’ confidence.”

Pamela Arora, senior vice president and chief information officer, Children’s Health, added: “Children’s Health is committed to securely connecting the patient data ‘dots’ so we may deliver clinical information to the patient’s full care team, including those outside of Children’s network. We must work together to attain security of this data – a more secure environment begins with vulnerability awareness.

“This working group will help establish standard vendor vulnerability communication steps. With this knowledge, Children’s and others can add safeguards to increase the safety of patient data and promote the flow of clinical information across the continuum of care.”

HITRUST, Risk Management, IT and Data Security, Daniel Nutkis, David Muntz, Pamela Arora, US